Created
September 30, 2021 21:14
-
-
Save theundefined/2243c7db7f842b363fc390f57441b8e7 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| undefine@uml:~$ echo |openssl s_client -connect letsencrypt.org:443 -showcerts >x.pem | |
| depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 | |
| verify return:1 | |
| depth=1 C = US, O = Let's Encrypt, CN = R3 | |
| verify return:1 | |
| depth=0 CN = lencr.org | |
| verify return:1 | |
| DONE | |
| undefine@uml:~$ openssl verify -CAfile x.pem x.pem | |
| C = US, O = Internet Security Research Group, CN = ISRG Root X1 | |
| error 2 at 2 depth lookup: unable to get issuer certificate | |
| error x.pem: verification failed | |
| undefine@uml:~$ grep DST /etc/ca-certificates.conf | |
| !mozilla/DST_ACES_CA_X6.crt | |
| !mozilla/DST_Root_CA_X3.crt | |
| undefine@uml:~$ sudo vim /etc/ca-certificates.conf | |
| undefine@uml:~$ grep X3 /etc/ca-certificates.conf | |
| undefine@uml:~$ sudo update-ca-certificates --fresh | |
| Clearing symlinks in /etc/ssl/certs... | |
| done. | |
| Updating certificates in /etc/ssl/certs... | |
| rehash: warning: skipping duplicate certificate in UbuntuOne-Go_Daddy_Class_2_CA.pem | |
| 128 added, 0 removed; done. | |
| Running hooks in /etc/ca-certificates/update.d... | |
| Replacing debian:Actalis_Authentication_Root_CA.pem | |
| Replacing debian:AffirmTrust_Commercial.pem | |
| Replacing debian:AffirmTrust_Networking.pem | |
| Replacing debian:AffirmTrust_Premium.pem | |
| Replacing debian:AffirmTrust_Premium_ECC.pem | |
| Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem | |
| Replacing debian:Baltimore_CyberTrust_Root.pem | |
| Replacing debian:Buypass_Class_2_Root_CA.pem | |
| Replacing debian:Buypass_Class_3_Root_CA.pem | |
| Replacing debian:CA_Disig_Root_R2.pem | |
| Replacing debian:Certigna.pem | |
| Replacing debian:certSIGN_ROOT_CA.pem | |
| Replacing debian:Certum_Trusted_Network_CA.pem | |
| Replacing debian:Chambers_of_Commerce_Root_-_2008.pem | |
| Replacing debian:Comodo_AAA_Services_root.pem | |
| Replacing debian:COMODO_Certification_Authority.pem | |
| Replacing debian:COMODO_ECC_Certification_Authority.pem | |
| Replacing debian:Cybertrust_Global_Root.pem | |
| Replacing debian:DigiCert_Assured_ID_Root_CA.pem | |
| Replacing debian:DigiCert_Global_Root_CA.pem | |
| Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem | |
| Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem | |
| Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem | |
| Replacing debian:EC-ACC.pem | |
| Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem | |
| Replacing debian:Entrust_Root_Certification_Authority.pem | |
| Replacing debian:ePKI_Root_Certification_Authority.pem | |
| Replacing debian:GeoTrust_Primary_Certification_Authority_-_G2.pem | |
| Replacing debian:Global_Chambersign_Root_-_2008.pem | |
| Replacing debian:GlobalSign_Root_CA.pem | |
| Replacing debian:GlobalSign_Root_CA_-_R2.pem | |
| Replacing debian:GlobalSign_Root_CA_-_R3.pem | |
| Replacing debian:Go_Daddy_Class_2_CA.pem | |
| Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem | |
| Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem | |
| Replacing debian:Hongkong_Post_Root_CA_1.pem | |
| Replacing debian:Izenpe.com.pem | |
| Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem | |
| Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem | |
| Replacing debian:Network_Solutions_Certificate_Authority.pem | |
| Replacing debian:QuoVadis_Root_CA_2.pem | |
| Replacing debian:QuoVadis_Root_CA_3.pem | |
| Replacing debian:QuoVadis_Root_CA.pem | |
| Replacing debian:Secure_Global_CA.pem | |
| Replacing debian:SecureSign_RootCA11.pem | |
| Replacing debian:SecureTrust_CA.pem | |
| Replacing debian:Security_Communication_RootCA2.pem | |
| Replacing debian:Security_Communication_Root_CA.pem | |
| Replacing debian:Sonera_Class_2_Root_CA.pem | |
| Replacing debian:Starfield_Class_2_CA.pem | |
| Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem | |
| Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem | |
| Replacing debian:SwissSign_Gold_CA_-_G2.pem | |
| Replacing debian:SwissSign_Silver_CA_-_G2.pem | |
| Replacing debian:Trustis_FPS_Root_CA.pem | |
| Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem | |
| Replacing debian:TWCA_Root_Certification_Authority.pem | |
| Replacing debian:VeriSign_Universal_Root_Certification_Authority.pem | |
| Replacing debian:XRamp_Global_CA_Root.pem | |
| Replacing debian:ACCVRAIZ1.pem | |
| Replacing debian:Atos_TrustedRoot_2011.pem | |
| Replacing debian:DigiCert_Assured_ID_Root_G2.pem | |
| Replacing debian:DigiCert_Assured_ID_Root_G3.pem | |
| Replacing debian:DigiCert_Global_Root_G2.pem | |
| Replacing debian:DigiCert_Global_Root_G3.pem | |
| Replacing debian:DigiCert_Trusted_Root_G4.pem | |
| Replacing debian:E-Tugra_Certification_Authority.pem | |
| Replacing debian:QuoVadis_Root_CA_1_G3.pem | |
| Replacing debian:QuoVadis_Root_CA_2_G3.pem | |
| Replacing debian:QuoVadis_Root_CA_3_G3.pem | |
| Replacing debian:TeliaSonera_Root_CA_v1.pem | |
| Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem | |
| Replacing debian:TWCA_Global_Root_CA.pem | |
| Replacing debian:CFCA_EV_ROOT.pem | |
| Replacing debian:COMODO_RSA_Certification_Authority.pem | |
| Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem | |
| Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem | |
| Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem | |
| Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem | |
| Replacing debian:IdenTrust_Commercial_Root_CA_1.pem | |
| Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem | |
| Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem | |
| Replacing debian:Staat_der_Nederlanden_EV_Root_CA.pem | |
| Replacing debian:Staat_der_Nederlanden_Root_CA_-_G3.pem | |
| Replacing debian:USERTrust_ECC_Certification_Authority.pem | |
| Replacing debian:USERTrust_RSA_Certification_Authority.pem | |
| Replacing debian:AC_RAIZ_FNMT-RCM.pem | |
| Replacing debian:Amazon_Root_CA_1.pem | |
| Replacing debian:Amazon_Root_CA_2.pem | |
| Replacing debian:Amazon_Root_CA_3.pem | |
| Replacing debian:Amazon_Root_CA_4.pem | |
| Replacing debian:Certum_Trusted_Network_CA_2.pem | |
| Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem | |
| Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem | |
| Replacing debian:ISRG_Root_X1.pem | |
| Replacing debian:SZAFIR_ROOT_CA2.pem | |
| Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem | |
| Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem | |
| Replacing debian:GlobalSign_Root_CA_-_R6.pem | |
| Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem | |
| Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem | |
| Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem | |
| Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem | |
| Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem | |
| Replacing debian:TrustCor_ECA-1.pem | |
| Replacing debian:TrustCor_RootCert_CA-1.pem | |
| Replacing debian:TrustCor_RootCert_CA-2.pem | |
| Adding debian:Certigna_Root_CA.pem | |
| Adding debian:certSIGN_Root_CA_G2.pem | |
| Adding debian:emSign_ECC_Root_CA_-_C3.pem | |
| Adding debian:emSign_ECC_Root_CA_-_G3.pem | |
| Adding debian:emSign_Root_CA_-_C1.pem | |
| Adding debian:emSign_Root_CA_-_G1.pem | |
| Adding debian:Entrust_Root_Certification_Authority_-_G4.pem | |
| Adding debian:e-Szigno_Root_CA_2017.pem | |
| Adding debian:GTS_Root_R1.pem | |
| Adding debian:GTS_Root_R2.pem | |
| Adding debian:GTS_Root_R3.pem | |
| Adding debian:GTS_Root_R4.pem | |
| Adding debian:Hongkong_Post_Root_CA_3.pem | |
| Adding debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem | |
| Adding debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem | |
| Adding debian:Trustwave_Global_Certification_Authority.pem | |
| Adding debian:Trustwave_Global_ECC_P256_Certification_Authority.pem | |
| Adding debian:Trustwave_Global_ECC_P384_Certification_Authority.pem | |
| Adding debian:UCA_Extended_Validation_Root.pem | |
| Adding debian:UCA_Global_G2_Root.pem | |
| Adding debian:NAVER_Global_Root_Certification_Authority.pem | |
| done. | |
| Updating Mono key store | |
| Linux Cert Store Sync - version 4.6.2.0 | |
| Synchronize local certs with certs from local Linux trust store. | |
| Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed. | |
| I already trust 130, your new list has 128 | |
| Import process completed. | |
| Done | |
| done. | |
| undefine@uml:~$ openssl verify -CAfile x.pem x.pem | |
| C = US, O = Internet Security Research Group, CN = ISRG Root X1 | |
| error 2 at 2 depth lookup: unable to get issuer certificate | |
| error x.pem: verification failed | |
| undefine@uml:~$ vim x.pem # usunięcie ostatniego certyfikatu podpisanego przez DST) | |
| undefine@uml:~$ openssl verify -CAfile x.pem x.pem | |
| x.pem: OK |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment